yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Allowed domains env variable for Google Auth (#682)

Browse Source 
* Allowed domains env variable for Google Auth

* Fixing lint errors

* PR comments. Use includes instead of indexOf
This commit is contained in:
Satyadeep
2018-06-17 01:06:02 +05:30
committed by Tom Moor
parent 19c5cafa51
commit fad5976dd2
3 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.env.sample
View File

@@ -20,6 +20,9 @@ SLACK_SECRET=d2dc414f9953226bad0a356cXXXXYYYY
GOOGLE_CLIENT_ID= GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET= GOOGLE_CLIENT_SECRET=
# Comma separated list of domains to be allowed (optional)
# If not set, all Google apps domains are allowed by default
GOOGLE_ALLOWED_DOMAINS=
# Third party credentials (optional) # Third party credentials (optional)
SLACK_VERIFICATION_TOKEN=PLxk6OlXXXXXVj3YYYY SLACK_VERIFICATION_TOKEN=PLxk6OlXXXXXVj3YYYY

8
server/auth/google.js
View File

@@ -12,6 +12,7 @@ const client = new OAuth2Client(
process.env.GOOGLE_CLIENT_SECRET, process.env.GOOGLE_CLIENT_SECRET,
`${process.env.URL}/auth/google.callback` `${process.env.URL}/auth/google.callback`
); );
const allowedDomainsEnv = process.env.GOOGLE_ALLOWED_DOMAINS;
// start the oauth process and redirect user to Google // start the oauth process and redirect user to Google
router.get('google', async ctx => { router.get('google', async ctx => {
@@ -43,6 +44,13 @@ router.get('google.callback', async ctx => {
return; return;
} }
// allow all domains by default if the env is not set
const allowedDomains = allowedDomainsEnv && allowedDomainsEnv.split(',');
if (allowedDomains && !allowedDomains.includes(profile.data.hd)) {
ctx.redirect('/?notice=hd-not-allowed');
return;
}
const googleId = profile.data.hd; const googleId = profile.data.hd;
const teamName = capitalize(profile.data.hd.split('.')[0]); const teamName = capitalize(profile.data.hd.split('.')[0]);

8
server/pages/Home.js
View File

@@ -10,7 +10,7 @@ import SigninButtons from './components/SigninButtons';
import { developers, githubUrl } from '../../shared/utils/routeHelpers'; import { developers, githubUrl } from '../../shared/utils/routeHelpers';
type Props = { type Props = {
notice?: 'google-hd' | 'auth-error', notice?: 'google-hd' | 'auth-error' | 'hd-not-allowed',
lastSignedIn: string, lastSignedIn: string,
googleSigninEnabled: boolean, googleSigninEnabled: boolean,
slackSigninEnabled: boolean, slackSigninEnabled: boolean,
@@ -38,6 +38,12 @@ function Home(props: Props) {
try signing in with your company Google account. try signing in with your company Google account.
</Notice> </Notice>
)} )}
{props.notice === 'hd-not-allowed' && (
<Notice>
Sorry, your Google apps domain is not allowed. Please try again
with an allowed company domain.
</Notice>
)}
{props.notice === 'auth-error' && ( {props.notice === 'auth-error' && (
<Notice> <Notice>
Authentication failed - we were unable to sign you in at this Authentication failed - we were unable to sign you in at this